Google has introduced a paid-for version of its web applications it hopes will be popular with small firms

The paid version adds more storage, phone help and guarantees of availability to the Gmail, calendar, word processing and messaging package.

Industry analysts suggest the move is aimed squarely at Microsoft and its Office suite of programs.

At the same time BT and Microsoft signed a deal to create a marketplace of web-based programs for small firms.

'Brutal timing'

Google's new service costs $50 (£27 or 40 euros) for every account and for this customers get phone support, a guarantee that the online applications will work 99.9% of the time and 10 gigabytes of storage for each e-mail address.

The package of programs available includes e-mail, word processing, spreadsheets, calendar and Google Talk.

By paying, users also get the option to turn off the adverts that usually populate the free versions.

The free version of this package was introduced in August 2006 and Google said that more than 100,000 businesses had signed up.

Google hopes that the chance to collaborate on key documents via the web will prove popular to small firms who are more used to e-mailing copies back and forth.

Analysts said the announcement was intended to give people an alternative to Microsoft's Office 2007.

"The timing is just brutal for Microsoft," said Rebecca Wettemann, vice president of research at Nucleus Research. "It's definitely a shot across their bow."

In related news Microsoft has revealed details of a partnership with telecoms firm BT to create a marketplace for a series of business programs designed for small businesses.

The subscription-based marketplace will host all the programs itself and allow small businesses to use the different applications as a service.

As well as generic applications such as payroll programs the marketplace will also host niche applications designed for particular types of small businesses such as dentists and estate agents.

A spokesman for BT said it would be signing up software firms to make the programs soon and that it was aiming to launch by the summer.

"[Google] cannot stay on top forever. Yes, it is in the spotlight now, but a lot of smart and well-funded companies are developing technology that is different from what Google offers," Erik Hansen, president of SiteSpect, a provider of search engine marketing and Web optimization technology, told TechNewsWorld.

Last year, when Wikipedia founder Jimmy Wales announced plans to launch a new search engine in the first half of 2007, everyday users of this now ubiquitous tool wondered what Wales could do that Google (Nasdaq: GOOG) couldn't. However, the search engine community knew better.

Of course, Google reset the benchmark for search several years ago, which led to Merriam-Webster's dictionary listing of the company's name as a transitive verb.

Google patched a security hole in Google Desktop, but security software vendor Watchfire claims that the popular application's mix of Web and private hard drive searches might still be risky. A savvy hacker could surreptitiously achieve "not only remote, persistent access to sensitive data, but full system control as well," warned Watchfire.

A security flaw found late last year in Google (Nasdaq: GOOG) Desktop was quickly patched, but the company that discovered it says the popular application's mix of Web and private hard drive searches might still be risky.

Google Desktop, which uses Google search technology to scan PC hard drives as well as the Web, could be hacked by someone using a cross-scripting attack, according to a report issued by Watchfire, which discovered the hole last autumn.

A savvy hacker could surreptitiously achieve "not only remote, persistent access to sensitive data , but full system control as well," warned Watchfire.

Given Time to Fix the Flaw
Watchfire found the problem in October 2006 and alerted Google in January, Watchfire Chief Technology Officer Mike Weider told TechNewsWorld.

"They then fixed it in February and now here we are publishing this to the public," said Weider. Watchfire purposely delayed announcing its discovery, and coordinated the announcement to coincide with Google's report of a fix for the problem, because it would be "irresponsible to announce a major hole in Google Desktop" without first allowing Google to create a solution, he added.

However, while Google has plugged the gap through which thieves could steal private information using the increasingly popular hacker method of cross-site scripting, Weider remains concerned that Google Desktop does not offer users a way to prevent simultaneous searching of their own computers and the Web.

Mixing Public With Private
"It does a query to Google Desktop and adds those results to ones from Google.com," he explained. "It's that interaction that creates a vulnerability." Google should give users the option to prevent Desktop from simultaneously searching the Web, Weider suggested, but he understands why it hasn't.

"I think it has functional benefits to the product," said Weider, who acknowledged the feature is "nice" to use. The matter appears to be a "classic compromise" between good security and popular functionality, he noted.

"Watchfire notified us of this potential vulnerability, which requires an attacker to first find and attack a vulnerability in Google.com," Google spokesperson Barry Schnitt told TechNewsWorld. " A fix was developed quickly and users are being automatically updated with the patch. In addition, we have another layer of security checks to the latest version of Google Desktop to protect users from similar vulnerabilities in the future.

"We have received no reports that this vulnerability was exploited," Schnitt continued. "However, users should make sure they are running the latest version of Google Desktop by going to desktop.google.com and downloading the latest version and installing it."

The Wave of the Future?
The situation "clearly emphasizes the danger of integration between desktop applications and Web-based applications as an aperture for a malicious attacker to escalate his/her privileges by crossing from the Web environment to the desktop application environment," according to Watchfire.

Google Desktop "in and of itself is an interesting proposition" from a security standpoint, Craig Schmugar, threat research manager for McAfee Avert Labs, told TechNewsWorld. "There certainly are security concerns" with Google Desktop "even beyond this particular vulnerability," he added. "Just the notion of data integrity and data loss ... there are certainly additional concerns about what you should be running on your machine and how that application needs be secured."

Even though using Google Desktop might be somewhat risky, Weider said he likes it. "Google, to its credit, has built a great product and I'm going to continue using it," he declared.

In general, as people and companies embrace Web 2.0's interactivity, more of these types of problems are likely to surface. "We are likely to hear more of this especially around Web 2.0 as end user ability to create content for Web sites opens up this whole world," Schmugar predicted.

click-fraud.jpg (Size: 12.39 KB / Downloads: 3)
Though Google downplays the severity of the click fraud problem, it nevertheless is responding to concern over its prevalence with a new set of tools to detect and neutralize illegitimate clicks.

Google (Nasdaq: GOOG) plans to provide Web advertisers with more data and tools to combat click fraud, a damaging practice that costs advertisers an estimated US$16 billion a year.

The new tools are part of an effort to crack down on click fraud and dull its impact on the otherwise highly profitable pay per click online advertising model.

"There has been an increasingly growing cloud over Google on this issue," Ron Enderle, a principal analyst with the Enderle Group, told the E-Commerce Times. "If folks have been gaming the system , advertisers want to see some corrections."

Per Click Model
With the pay per click model, advertisers pay every time someone clicks on their ads. However, some companies mount campaigns to click repeatedly on their competitors' ads just to drive up their costs.

The practice takes advantage of the system Google currently has in place for Internet advertisers to pay their fees.

Now, Google intends to address the issue by providing advertisers with a means to scrutinize the process and gain more control over it, according to Enderle.

Blacklisting Fraudsters
In March, Google will begin allowing advertisers to blacklist certain IP addresses if click fraud is suspected -- for example, if a large number of clicks from a particular address results in few or no sales.

The company also plans to launch a Web site resource center to combat click fraud, where it will post information and tutorials to educate its advertisers on the issue of invalid clicks.

Behind the Data
On Wednesday, Google released data indicating that most fraudulent clicks are automatically detected, but it acknowledged that its pay per click Web advertising system has been abused.

Critics contend the practice is already out of control, claiming that up to half of all ad clicks are fraudulent. However, that figure is overblown, Google maintained, pegging the true number at closer to 10 percent.

Google bases its estimate on the average number of invalid clicks it catches, and doesn't charge for. The 10 percent represents an estimate US$100 million in lost revenue, Google said.

Google conceded that it doesn't catch about 0.02 percent of the click fraud that occurs -- those instances are brought to its attention by advertisers.

More Fraudulent Clicks
However, says Enderle, the information Google released does not present a complete picture. What is missing is the number of fraudulent clicks neither the search giant nor the advertisers catch.

Google is now moving to put adequate tools in place so it can more accurately measure what is happening.

"Google is realizing it better get its arms around this, or advertisers will fix the problems themselves," said Enderle, "and Google won't like that."